WSA Transparent proxy issue with Google

obrien2010 · ‎10-24-2018

I have 6 Cisco WSA s680/s690 appliances managed by an m680 management box. My clients are using it as a transparent proxy (no config on the client end pointing to a specific proxy.) We use WCCP on a Cisco ASR to manage which proxy the traffic is sent to. Simple. Functional. until.. GOOGLE!

Google does not support transparent proxies.

The solution to the problem is to point the clients directly to a single one of those 6 proxy boxes. The POOF.. the problem is gone.

With 20,000 clients, it is impossible to send to ONE proxy.

Questions:

1. Has anyone had to deal with this issue?

2. If I point my clients to one of those 6 proxy boxes as a "master", is there a way to us the others as "slaves" to offset the load? This would mean the clients are using only one proxy (hopefully solving the google issue) but still sharing the load?

obrien2010 · ‎10-24-2018

One more thing.. white listing *.google.com is not an option due to "educational standards" in out county schools.

balaji.bandi · ‎10-24-2018

If you are managing Centrally with SMA all the WSA, why not create a proxy Bypass for the site you looking to bypass ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

obrien2010 · ‎10-24-2018

That's actually what we have been doing. One at a time. It's getting to be like herding cats. We get at least 100 requests per day for apps that wont work. We then have to go into the proxy logs and find out what is actually being denied, track it back to the app and THEN add it to the bypass list. I'm only one man (until the invent viable cloning) :)